Sorry about that. I've been crazy busy the last two weekends, and have
not had a chance to get back to the dissector.
Guy sent me two traces on Aug 10th (both broken in my dissector), and
based on them it seems clear that we do indeed need to reference the
flags field from the previous frame. I have not had the opportunity to
make the necessary changes to the dissector to address the problems Guy
mentioned.
If Richard's patch does make NTLMSSP stateful, this will help
significantly, since I had not yet gone through the ethereal docs to
learn how to maintain state by tcp session.
-Devin
On Mon, 2002-08-26 at 04:57, Guy Harris wrote:
> On Mon, Aug 26, 2002 at 03:42:00PM +0930, Richard Sharpe wrote:
> > I am pretty close to having NTLMSSP and SPNEGO fixed to dissect
things
> > properly.
>
> Presumably this includes making the handling of GSS-API stuff using
> SPNEGO stateful, so that the security blob on packets *after* the
first
> Session Setup andX doesn't get dissected as a GSS-API token, but gets
> dissected as, I suspect, an RFC 2478 NegotiationToken?
>
> Note that if this is the generic GSS-API token dissector stuff, that
is
> also used by the ONC RPC dissector, as well as both the SMB and the
DCE
> RPC dissector, and I have some changes to the LDAP dissector that I'll
> be checking in to make it use that dissector as well; if you're making
> the handling stateful, that mechanism should also be made usable by
> non-SMB and non-DCE RPC dissectors.
>
> Presumably this also includes making NTLMSSP handling stateful, as I
> think Devin Heitmueller said that the dissection of the NTLMSSP blob
in
> NTLMSSP_AUTH may depend on the flags from earlier NTLMSSP_NEGOTIATE or
> NTLMSSP_CHALLENGE packets. The NTLMSSP blob dissector is also used
> outside the DCE RPC code, in the HTTP dissector.
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
--
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc